Presentation is loading. Please wait.

Presentation is loading. Please wait.

Deployment Models A.e-Mail client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B.e-Mail client using Native S/MIME »Internet.

Published byGarey Hodges Modified over 8 years ago

Similar presentations

Presentation on theme: "Deployment Models A.e-Mail client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B.e-Mail client using Native S/MIME »Internet."— Presentation transcript:

1 Deployment Models A.e-Mail client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B.e-Mail client using Native S/MIME »Internet e-Mail Service Provider »Healthcare specific e-Mail Service Provider C.Web Portal »to common Internet e-Mail service with S/MIME support »to Healthcare specific messaging service with S/MIME support D.EHR/PHR with integrated S/MIME functionality »deployed inside the Provider »deployed as SaaS E.NHIN Direct to/from NHIN Exchange »Trusted NHIN Gateway »End to End secure

2 Source Client Destination Client Source Full Service HISP Source Full Service HISP Destination Full Service HISP Destination Full Service HISP Send Locate Destination Certificate POP/IMAP + TLS Receive S/MIME Encrypt w/ Destination Cert S/MIME Encrypt w/ Destination Cert S/MIME Verify w/ Source Cert S/MIME Verify w/ Source Cert S/MIME Decrypt w/ Private Key S/MIME Decrypt w/ Private Key A) e-Mail client with Full Service HISP SMTP + S/MIME Locate Destination Address Locate Destination Address SMTP + MIME+ TLS SMTP + MIME+ TLS Document Or XDM Document Or XDM S/MIME Sign w/ Private Key S/MIME Sign w/ Private Key Encrypted Content A.1 A.2 A.3 A.4 A.5 A.6 A.7 A.8 A.9 A.10 A.11 Private Key Store

3 Destination Client Source Client Destination HISP Send Document Or XDM Receive B) e-Mail client using Native S/MIME Locate Destination Address + Certificate Locate Destination Address + Certificate POP/IMAP + TLS SMTP + S/MIME Document Or XDM S/MIME Encrypt w/ Destination Cert S/MIME Encrypt w/ Destination Cert S/MIME Sign w/ Private Key S/MIME Sign w/ Private Key S/MIME Decrypt w/ Private Key S/MIME Decrypt w/ Private Key Encrypted Content B.1 B.2 B.3 B.4 B.5 B.6 B.7 S/MIME Verify w/ Source Cert S/MIME Verify w/ Source Cert B.8 B.9 Private Key Store

4 Destination Client Source Client Source web HISP Destination web HISP Send Upload Document(s) HTTP + TLS HTTP + TLS Receive S/MIME Encrypt w/ Destination Cert S/MIME Encrypt w/ Destination Cert S/MIME Verify w/ Source Cert S/MIME Verify w/ Source Cert S/MIME Decrypt w/ Private Key S/MIME Decrypt w/ Private Key C) Web Portal HTTP + TLS HTTP + TLS Document Or XDM Document Or XDM Download Document(s) S/MIME Sign w/ Private Key S/MIME Sign w/ Private Key Find Destination Address + Certificate Find Destination Address + Certificate Build XDM SMTP + S/MIME Encrypted Content C.1 C.2 C.3 C.4 C.5 C.6 C.7 C.8 C.9 C.10 C.11 C.12 Private Key Store

5 Destination Client Source Client Destination HISP Send Document Or XDM Receive D) EHR/PHR with integrated S/MIME Locate Destination Address + Certificate Locate Destination Address + Certificate POP/IMAP + TLS SMTP + S/MIME Document Or XDM S/MIME Encrypt w/ Destination Cert S/MIME Encrypt w/ Destination Cert S/MIME Sign w/ Private Key S/MIME Sign w/ Private Key S/MIME Decrypt w/ Private Key S/MIME Decrypt w/ Private Key Encrypted Content D.1 Private Key Store D.2 Private Key Store S/MIME Verify w/ Source Cert S/MIME Verify w/ Source Cert D.3 D.4D.5 D.6 D.7 D.8 D.9

6 Gateway: Direct Project to XDR (Destination HISP) Gateway: Direct Project to XDR (Destination HISP) Receive S/MIME Verify w/ Source Cert S/MIME Verify w/ Source Cert S/MIME Decrypt w/ Private Key S/MIME Decrypt w/ Private Key E) Direct Project sending to XDR with Trusted Service Provider (e.g. NHIN Exchange) Convert XDM metadata and content to XDR format SMTP + S/MIME Direct Project Sender XDR + TLS XDR + TLS Destination Certificate is shared with all XDR destinations in XDR Exchange Endpoint in XDR Exchange E.1.1 E.1.2 E.1.4 E.1.6 E.1.7 Private Key Store Address Book w/ Certs E.1.3 E.1.5

7 Gateway: Direct Project from XDR (Source HISP) Gateway: Direct Project from XDR (Source HISP) Send S/MIME Encrypt w/ Destination Cert S/MIME Encrypt w/ Destination Cert E) Direct Project receiving from XDR with Trusted Service Provider (e.g. NHIN Exchange) XDR + TLS XDR + TLS S/MIME Sign w/ Private Key S/MIME Sign w/ Private Key Extract Destination Address from XDR metadata Extract Destination Address from XDR metadata Convert XDR Metadata and Documents to XDM Zip file Direct Project Recipient Endpoint in XDR Exchange Locate Destination Certificate SMTP + S/MIME Private Key Store Address Book w/ Certs E.2.6 E.2.4 E.2.1 E.2.2 E.2.3 E.2.5 E.2.7 E.2.9 E.2.8

8 NHIN Direct to NHIN Exchange (Destination HISP) NHIN Direct to NHIN Exchange (Destination HISP) Receive E) NHIN Direct sending to non-trusted NHIN Exchange (End-to-End Secure) SMTP + S/MIME NHIN Direct Place S/MIME message as XDR content XDR + TLS XDR + TLS Destination Certificate is Individual or Organization NHIN Exchang e

9 NHIN Direct to NHIN Exchange (Destination HISP) NHIN Direct to NHIN Exchange (Destination HISP) Receive S/MIME Verify w/ Source Cert S/MIME Verify w/ Source Cert S/MIME Decrypt w/ Private Key S/MIME Decrypt w/ Private Key E) NHIN Direct sending to NHIN Exchange Convert XDM metadata and content to XDR format SMTP + S/MIME NHIN Direct Place S/MIME message as XDR content XDR + TLS XDR + TLS Destination Certificate is Group NHIN Exchange Destination Certificate is Individual or Organization NHIN Exchang e

10 Non Trusted NHIN Exchange Gateway E) NHIN-Direct receiving from non-Trusted NHIN Exchange (End-to-End Secure) NHIN Direct NHIN Exchang e Source Certificate is individual or organizational Source Client S/MIME Encrypt w/ Destination Cert S/MIME Encrypt w/ Destination Cert XDM Zip file S/MIME Sign w/ Private Key S/MIME Sign w/ Private Key Locate Destination Address + Certificate Locate Destination Address + Certificate XDR + TLS XDR + TLS Extract from XDM metadata the To and From addresses Extract S/MIME message from XDR content SMTP + S/MIME

11 Trusted NHIN Exchange Gateway Non Trusted NHIN Exchange Gateway Send S/MIME Encrypt w/ Destination Cert S/MIME Encrypt w/ Destination Cert E) NHIN-Direct receiving from NHIN Exchange XDR + TLS XDR + TLS S/MIME Sign w/ Private Key S/MIME Sign w/ Private Key Extract Destination Address from XDR metadata Extract Destination Address from XDR metadata Convert XDR Metadata and Documents to XDM Zip file NHIN Direct NHIN Exchang e Locate Destination Certificate Source Certificate is NHIN Exchange Group Certificate Source Certificate is individual or organizational Source Client S/MIME Encrypt w/ Destination Cert S/MIME Encrypt w/ Destination Cert XDM Zip file S/MIME Sign w/ Private Key S/MIME Sign w/ Private Key Locate Destination Address + Certificate Locate Destination Address + Certificate XDR + TLS XDR + TLS Extract from XDM metadata the To and From addresses Extract S/MIME message from XDR content SMTP + S/MIME

Download ppt "Deployment Models A.e-Mail client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B.e-Mail client using Native S/MIME »Internet."

Similar presentations

11/2/2013 2:02:38 AM 5864_ER_FED 1 Importing Certificates into Lotus Notes R6.

11/2/2013 2:02:38 AM 5864_ER_FED 1 Importing Certificates into Lotus Notes R6.
The Direct Project In A Box Vaibhav Bhandari (Engineer, Microsoft) Ali Emami (Engineer, Microsoft)

The Direct Project In A Box Vaibhav Bhandari (Engineer, Microsoft) Ali Emami (Engineer, Microsoft)
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
June, 2010 SOAP / IHE Concrete Implementation. We are a group of organizations who have already implemented IHE profiles We recognized the user stories.

June, 2010 SOAP / IHE Concrete Implementation. We are a group of organizations who have already implemented IHE profiles We recognized the user stories.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Understanding and Leveraging MU Stage 2 Optional Transports (SOAP)

Understanding and Leveraging MU Stage 2 Optional Transports (SOAP)
NHIN-Direct SMTP/Email Notes 6/10/2010. Why we chose Email Concepts match the charter exactly Implementations match the charter exactly* Well understood.

NHIN-Direct SMTP/ Notes 6/10/2010. Why we chose Concepts match the charter exactly Implementations match the charter exactly* Well understood.
Shouting from the Rooftops: Improving Email Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.

Shouting from the Rooftops: Improving Security Dr. Maury Pinsk FRCPC University of Alberta Division of Pediatric Nephrology.
Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)

Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)
PUBLIC KEY INFRASTRUTURE Don Sheehy

PUBLIC KEY INFRASTRUTURE Don Sheehy
1 Pertemuan 12 E-mail Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 12 Security Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Lecture 12 e-mail Security. Summary  PEM  secure email  PGP  S/MIME.

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
S/MIME Email and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.

S/MIME and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.
E-mail-I CS-3505 Wb_e-mail-I.ppt. Email 4 The most useful feature of the internet 4 Lots of different email programs, but most of them can talk to each.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
E-mail Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Security using Encryption Security Features Message Origin Authentication - verifying that the sender is who he or she says they are Content Integrity.

Similar presentations

Ads by Google